In our last article, we looked at the impact of a hacked website on your brand and corporate reputation, and prior to that, we explored the multitude of cyber threats that lurk around every corner, waiting to pounce on weak cyber defences. In this article, we will look at the importance of penetration testing, more commonly known as PEN-Testing. If you’re not already doing it, we’ll tell you why you should.
Vulnerability assessment vs PEN-Testing
PEN-Testing allows you to perform focused tests on specific components of your systems, e.g. your website. The PEN-Test can identify weaknesses that may not reveal themselves in a vulnerability assessment. The true extent of your system flaws will only be identified through PEN-Testing. In NEWORDER’s PEN-Test, our cybersecurity experts will evaluate your system and give you a comprehensive picture of your existing security position. We will highlight the necessary actions so that you can prioritise the steps you need to take to protect your business infrastructure.
Types of PEN-Test
There are multiple types of PEN-Testing, focusing on different aspects of your organisation’s “perimeter” – the boundary separating your network from the vastness of the internet. These include:
- Infrastructure penetration tests
- External network tests – external penetration tests identify and test security vulnerabilities that could allow attackers to gain access from outside the network
- Internal network tests – internal penetration tests focus on what an attacker with inside access could achieve. It’s not pleasant to think of your employees as potential threats, but unfortunately, attacks do happen internally. An internal test looks at your systems from the perspective of both authenticated and non-authenticated users to see where the weak spots are.
- Web application tests – these look at vulnerabilities such as coding errors or unintended software responses to certain requests. A web application test can pick up cross-site scripting (XSS) or SQL injection.
- Wireless network tests – a wireless network penetration test will check your Wi-Fi network for weaknesses, including encryption problems, and will point out ways an invader could access your system by evading WLAN protocols.
- Social engineering tests – since so many breaches start with human error, it is good practice to test your staff’s susceptibility to phishing and other social engineering techniques.
Benefits of PEN-Testing
When you consider the costs of recovering from a cyber breach, particularly a ransomware attack, the financial benefits of undertaking regular, scheduled PEN-Testing are self-evident. PEN-Testing should be a critical component of your IT strategy, not an add-on. ISO 27001, the international standard for information security management system best practice, states:
Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organisation’s exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.
Many data protection laws and frameworks – such as the GDPR (General Data Protection Regulation) and the PCI DSS (Payment Card Industry Data Security Standard) – mandate that penetration tests be conducted regularly. Regular PEN-Testing ensures you know and can prioritise the risks facing your system. It will ultimately save you a lot of money.
NEWORDER PEN-Test 2.0
The NEWORDER Information Security and Ethical Hacking Professional Services provide strategic and tactical insight into your actual state of security. We examine whether best practices and adequate safety measures are in place to mitigate and minimise the impact of known and unknown security risks. We help identify these threats by directly probing your environment and performing web application scanning, discovery, vulnerability assessment and exploitation, much as an actual attacker would. The NEWORDER PEN-Test 2.0 framework is unique to NEWORDER, developed in-house following decades of research, case studies and hands-on expertise.
NEWORDER’s PEN-Testing service can be tailored to the needs of your organisation. Don’t get caught out by an attacker. Make scheduled PEN-Testing a part of your cyber defence now!